New Scams and Phishing Methods Through Crowd-Sourcing

Introduction

Crowd-sourcing websites allow scammers to reach out to thousands of strangers to perform their work for them or give away their information for the promise of a few pennies or dollars. Assuming the cost isn't the worker's privacy or own financial information, acting through a web of willing accomplices allows scammers to reach far more people through crowd-sourcing.

Unfortunately, these new scams and phishing methods are spreading through crowd-sourcing sites. How are crowd-sourcing websites getting used by scammers?

Crowdsourcing websites deliver hordes of people eager to perform tasks for money, either setting themselves up for a scam or unwittingingly doing work for scammers. | Source

Next Generation Online Scams and Threats

Social networking sites gain power through membership numbers. Crowd-sourcing is new way of gaining potential members. Payment of a few cents to get new sign-ups generates new accounts and possibly long term members. In this case, their payment is a marketing expense. Unfortunately, paying others to create dummy accounts is also used by those whose accounts are blocked to gain access to these sites, with the crowd-sourced worker paid to hand over the credentials to the account they created.

Click fraud is easily outsourced via crowd-sourcing. Crowd-sourcing tasks in this category request that someone simply click on a website and then click on a specific advertisement. More elaborate schemes request that the person copy and paste text of the ad to post in the comments or verification field. This takes up precious time that can be used to use up the time limit of a task, eliminating the need to pay someone for the click fraud. Crowdsourcing sites like Amazon mturk ban this type of task but cannot always police it while other crowdsourcing sites simply don't care.

Why raid someone's PayPal account with fraudulent charges? New hacking attempts could simply log into blog sites and content creation websites and change the "payment" address for PayPal from the individual's PayPal account to that of the scammer. This fraud can be perpetrated via crowd-sourcing websites by asking someone to log in to PayPal to transfer money, enter their PayPal address to receive payment or give the locations of sites where they have Google Adsense set up.

Surveys through crowd-sourcing websites may yield a small payment, but the scammer receives your personal information and details that can be used for targeted spear phishing messages sent to you later.

Crowdsourcing sites frequently have tasks for "test our software", which is actually a link to install spyware on your machine. Or it installs malware on your machine to be used for sending out spam or coordinated botnet attacks later.

Crowdsourcing websites sometimes show tasks saying "test our sign up process". You get paid a few dollars to sign up, but cannot cancel the subscription once you've signed up. The truly egregious ones set an impossible time limit on the task, so the person is signed up and legally obligated for the service but doesn't even get the two dollars for the "test".

Plagiarism has become part of the crowd-sourcing landscape. Why employ article spinning software when articles can be rewritten by humans for 25 cents to $2? A new form of this scam has been to post tasks requesting rewrites of solicitation emails for signing up at websites or informing someone that they need to log into their account. Rewritten messages in the person's native language reduce the red flags that poorly translated phishing messages cause while varying verbiage trips up message.

Requests to create a new "task requestor" account on a crowd-sourcing website should raise a red alert. Someone with an active "task requestor" account who is requesting a new one is making this request in the expectation that their current account will be shut down. If someone is unable to create a new task requestor account on a different crowd-sourcing website, this means that they have been blocked due to reports of non-payment, solicitation or fraud. Never perform work for someone who has been blocked or likely will be blocked from requesting work is done.

Crowd-sourced tests of a phone service can lead to someone signing up for a service and becoming legally liable for the bill. Likewise, stating that you aren't interested after receiving a car insurance quote may still mean future calls from that firm soliciting your business, because you called them first.